Auto-discover yubikeys known by the ykksm.

2025-02-01 01:52:18 +01:00 · 2009-04-01 16:09:29 +00:00 · 2009-04-01 16:09:29 +00:00 · 52720a57ba
commit 52720a57ba
parent 84f381ba96
2 changed files with 19 additions and 2 deletions
--- a/common.php
+++ b/common.php
@ -127,9 +127,9 @@ function decryptOTP($otp, $base_url) {
 function getAuthData($conn, $devId) {
 	$tokenId = modhex2b64($devId);
 	$stmt =
-	  'SELECT id, client_id, counter, sessionUse, low, high, accessed '.
+	  'SELECT id, active, client_id, counter, sessionUse, low, high, accessed '.
 	  'FROM yubikeys '.
-	  'WHERE active AND tokenId='.mysql_quote($tokenId);
+	  'WHERE tokenId='.mysql_quote($tokenId);
 	$r = query($conn, $stmt);
 	if (mysql_num_rows($r) > 0) {
 		$row = mysql_fetch_assoc($r);
@ -139,6 +139,13 @@ function getAuthData($conn, $devId) {
 	return null;
 } // End getAuthData

+function addNewKey($conn, $devId) {
+	$tokenId = modhex2b64($devId);
+	$stmt = 'INSERT INTO yubikeys (client_id, active, created, tokenId, counter) '.
+	  'VALUES (1, true, NOW(), ' . mysql_quote($tokenId) . ', 0)';
+	$r = query($conn, $stmt);
+}
+
 // $clientId: The decimal client identity
 function getClientData($conn, $clientId) {
 	$stmt =
--- a/verify.php
+++ b/verify.php
@ -82,12 +82,22 @@ debug($otpinfo);
 //
 $devId = substr($otp, 0, strlen ($otp) - TOKEN_LEN);
 $ad = getAuthData($conn, $devId);
+if (!is_array($ad)) {
+	debug('Discovered Yubikey ' . $devId);
+	addNewKey($conn, $devId);
+}
+$ad = getAuthData($conn, $devId);
 if (!is_array($ad)) {
 	debug('Invalid Yubikey ' . $devId);
 	sendResp(S_BAD_OTP);
 	exit;
 }
 debug($ad);
+if ($ad['active'] != 1) {
+	debug('De-activated Yubikey ' . $devId);
+	sendResp(S_BAD_OTP);
+	exit;
+}

 //// Check the session counter
 //